bentoml 1.4.33 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the bentoml package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Directory Traversal bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in configuration fields `description`, `docker.setup_script`, `docker.dockerfile_template`, and `conda.environment_yml`. An attacker can access arbitrary files from the filesystem by emabedding them into a built archive that they have access to. The vulnerable values can be included in a configuration file with malicious paths, including absolute, relative, environment variable, or tilde-based references. This can lead to the exposure of sensitive files, such as credentials or environment variables, when the archive is built and subsequently distributed or deployed. How to fix Directory Traversal? Upgrade `bentoml` to version 1.4.34 or higher.	[,1.4.34)
H Denial of Service (DoS) bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Denial of Service (DoS) via the multipart boundary processing. An attacker can cause the server to allocate excessive resources and become unresponsive by appending characters such as dashes (-) to the end of a multipart boundary in an HTTP request. Note: This is only exploitable if the server is configured to process multipart boundaries without adequate validation or limits. How to fix Denial of Service (DoS)? There is no fixed version for `bentoml`.	[0,)

Vulnerability

Vulnerable Version

Directory Traversal

bentoml is a BentoML: Build Production-Grade AI Applications

Affected versions of this package are vulnerable to Directory Traversal via the processing of user-supplied file paths in configuration fields description, docker.setup_script, docker.dockerfile_template, and conda.environment_yml. An attacker can access arbitrary files from the filesystem by emabedding them into a built archive that they have access to. The vulnerable values can be included in a configuration file with malicious paths, including absolute, relative, environment variable, or tilde-based references. This can lead to the exposure of sensitive files, such as credentials or environment variables, when the archive is built and subsequently distributed or deployed.

How to fix Directory Traversal?

Upgrade bentoml to version 1.4.34 or higher.

[,1.4.34)

Denial of Service (DoS)

bentoml is a BentoML: Build Production-Grade AI Applications

Affected versions of this package are vulnerable to Denial of Service (DoS) via the multipart boundary processing. An attacker can cause the server to allocate excessive resources and become unresponsive by appending characters such as dashes (-) to the end of a multipart boundary in an HTTP request.

Note:

This is only exploitable if the server is configured to process multipart boundaries without adequate validation or limits.

How to fix Denial of Service (DoS)?

There is no fixed version for bentoml.

[0,)

bentoml@1.4.33 vulnerabilities

BentoML: The easiest way to serve AI apps and models

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically